Secret
Go to Secret in Log & Report to see logs related to the following:
-
JSON: Export the selected secret session log to your computer as a JSON file named as secret-xyz-YYYY_MM_DD.json
-
CSV: Export the selected secret session log to your computer as a CSV file named as secret-xyz-YYYY_MM_DD.csv
-
TEXT: Export the selected secret session log to your computer as a text file named as secret-xyz-YYYY_MM_DD.txt
-
Disk (default) (FortiPAM)
-
FortiAnalyzer
-
5 minutes
-
1 hour
-
24 hours
-
7 days
-
Custom
-
View All
- From the dropdown, select Custom.
- In the window that opens, you can set combinations of
=
,Range
,<=
,>=
, andNOT
. - Enter a date and time.
- Click Apply.
For example, to create a range filter that filters and displays all the logs between 8:00 AM on 10th October, 2023 to 1:00 PM on 12th October 2023, we set up a filter that looks like the following:
The following options are available in the tabs:
Back () |
Go back to Secret. |
Export |
From the Export dropdown, select to export the logs in the following three formats: |
Log location |
Select a source from where to retrieve logs: See FortiAnalyzer logging for setting up FortiAnalyzer as the remote logging server. |
Time frame |
From the dropdown, select from the following time filters: |
Refresh |
To refresh the contents, click the refresh icon. |
Details |
Select to see details for the selected log entry. |
Search |
Enter a search term in the search field, then hit |
Secret
Selecting Secret opens all the secret logs. Different subcategories of secret logs are displayed when you click on a secret log.
where:
-
Secret Address: The IP address or FQDN of the actual target server.
-
Gateway: The gateway name for the secret.
-
Destination IP: The next hop IP address. If the next hop is FortiPAM, this is the IP address of FortiPAM.
If the next hop is the actual target server, this is the IP address of the actual target server.
If the next hop is a gateway, this is the IP address of the gateway.
Clear Text
Selecting Clear Text shows logs related to viewing passwords. This category of the secret log shows all the information related to the launching of a secret, uploading of a video, termination of a launched session, and status of a FortiPAM token.
Check-outs and Check-ins
Selecting Check-outs and Check-ins shows logs related to password check-ins and check-outs. It displays all the information related to secret check-out and check-in.
Password Changes
Selecting Password Changers shows logs related to password changers. It displays all the information about when a password changer is triggered on a secret. It indicates whether the operation is successful and who initiated the operation. Operations such as password verification or change of password are recorded here.
For some column descriptions, see Secret.
Secret Video
Selecting Secret Video shows logs related to secret videos. This category of the secret log shows all the videos of launched secrets from FortiPAM. It is helpful to assist in auditing a user's behavior on the secret, ensuring that no malicious activity is performed.
To view a recorded video of a launched secret:
-
Select the log with the operation labelled as Video upload finished, then click the Details button located at the right of the menu.
Alternatively, double-click the log labelled as Video upload finished.
The video player opens, and the secret video is automatically played.
To download a recorded video of a launched secret:
- Select the log with the operation labelled as Video upload finished, then click the Details button located at the right of the menu.
Alternatively, double-click the log labelled as Video upload finished.
- From the window that opens, select the download icon () to save the secret video on your computer in
WebM
format.
Secret Request
Selecting Secret Request shows logs related to secret requests. This category of the secret log shows all the information related to a secret that requires secret approval. It indicates when a request is submitted for a secret or when a request is approved or denied.
Job
Selecting Job shows all logs related to jobs. This category of secret log keeps track of all the events related to an execution of a job on a secret. This includes the job name, the user who initiated the job, the type of the job, and whether the job is executed successfully.
Service Account
Selecting Service Account shows all the logs related to service accounts. This category of the secret log shows information related to updating credentials related to a service account.